July 18, 2022, Conformity—The following features and updates are now available with
Conformity's latest release on 18 July 2022.
- Conformity now allows admins to enforce API key safe IP ranges being used when creating API keys.
- RTM-005: Users Signed into AWS from an Approved Country: Conformity now supports North Macedonia previously known as Macedonia (Macedonia changed its name to North Macedonia).
Bug Fixes
- Fixed a bug with the Jira communications channel to display only active users in the channel's 'Assignee' list.
- Fixed a bug with the display of CSV Compliance Standard report data when importing it in Excel format through the 'Import data' wizard.
- Fixed a bug where the 'Configure rule...' and 'Send rule to...' options became visible for custom checks created along with the existing custom rules.
- Fixed a bug to enhance the performance of the RTM Event Monitoring dashboard section to prevent screen performance issues for customers with a large number of RTM events.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.37. Click here to access the current custom policy.
New Rules
Azure
- VirtualMachines-037: Server Side Encryption for Unattached Disk using CMK: This rule ensures that unattached managed disk volumes are encrypted at rest using Customer-Managed Keys (CMKs).
- Network-022: Check for Unrestricted HTTPS Access: This rule ensures that no network security groups allow unrestricted inbound access on TCP port 443. *This rule was released on 4th July 2022 and was missed out from our release communications. We apologise for the miscommunication and the confusion.*
GCP
- CloudIAM-011: Minimize the Use of Primitive Roles: This rule limits the use of primitive roles, for example, `Owner`, `Editor`, and `Viewer` for Cloud IAM members in production and security-critical cloud environments.
Rule Update
- Network-015: Check for Unrestricted UDP Access: Updated the rule to prevent Conformity Bot from generating false positive checks for some scenarios, for example, security groups with `Access Deny` configurations.